This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

AnnouncementAnnouncement Module

Collapse

No announcement yet.

enable authentication with ConnectorServerFactoryBeanPage Title Module

enable authentication with ConnectorServerFactoryBean

Aug 11th, 2006, 05:28 PM

I need to use ConnectorServerFactoryBean to create the mbeanserver because I need to access jmx behind a firewall, and cannot have the random port thing going.

I set that up with this:
<bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServer FactoryBean">
<!-- indicate to first look for a server -->
<property name="locateExistingServerIfPossible" value="true"/>
</bean>

Is there a way that I can enable authentication for this set up? I took a look at acegi and didn't see how I would integrate that. Can I set properties on the ConnectorServerFactoryBean which will enable authentication?

My bad, those variables are used when connecting to the server from a client (not when creating a server connector). To enable security for JDK implementation take a look at the samples provided with the JDK - the parameters you're interested in are:

Comment

I don't think it works that way. The wrinkle is I have to set up the server connector within Spring, because I need to hard code the port the rmi server uses. Otherwise it picks random ports, and that is a problem when outside a firewall.

i need to do this, and then can open those two ports on the firewall.
<property name="serviceUrl" value="service:jmx:rmi://localhost:8100/jndi/rmi://localhost:8335/server" />

I believe the system properties are only used when the jre sets up the mbean server. If I set up the serverconnector within spring they are ignored. All I need to do is specify that service url within jconsole, and it connects - whether i have the authentication flag system property set or not.

How have others solved this? Seems like a normal use case, needing to access a tomcat instance from behind a firewall with authentication.

Should I be looking at tunneling via ssh instead of the holes in the firewall...and let ssh worry about authentication? Should I be using another transport other than RMI? Can acegi get in the mix here? Does mc4j handle this any better?